[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon May 23 18:59:24 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=926





------- Additional Comments From t8m at centrum.cz  2005-05-23 18:59 -------
I'm not sure if I understand your proposal well so I only make some remarks how
from the PAM point of view it should be done.

The pam_setcred(PAM_ESTABLISH_CRED) should be called before pam_open_session and
it shouldn't be necessary to call it with PAM_REINITIALIZE_CRED after that,
however it does no harm. What is important is to run pam_open_session as root
and in the same process (or before forking the child) where will be the user
shell executed.
The pam_close_session call should be done in the same process.

If your proposal stays within these limits it should be fine.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list